Sextortion Spam.

January 12, 2019

If you received such a mail(See below), it means that cybercriminals have already collected your email address. Don't panic, this is just a trap to trick you. Here's an example of what the email might look like.

The email you received was sent from a fake email address. This means it wasn't actually sent from the address it appears to be from.

Even though your company uses a strong security system like Office 365 ATP (Advanced Threat Protection), this email was able to bypass it using the reputed email service provider.

When this email was received, security systems like VirusTotal (VT) didn't detect it as malicious (while writing this post). This is because the attackers may have used new or previously unknown techniques."

Key points:

  • Email compromise: Your email address has likely been collected from previous data breaches or online activities.
  • Phishing attempt: The email is a phishing attempt designed to trick you into clicking on links, downloading attachments, or revealing sensitive information.
  • Spoofed email address: The email address shown is fake and doesn't belong to the sender.
  • Bypassed security: The email was able to bypass sophisticated security measures, indicating a sophisticated attack.
  • Evasion techniques: The attackers may be using new or previously unknown techniques to evade detection by security systems.

In simpler terms:

Imagine someone found your home address and is trying to trick you into opening a suspicious package. They might use a fake return address and try to make it look legitimate. Even though you have a strong security system at home, the package might still get delivered. This is similar to how this email was able to bypass your company's security.

Important Note: This explanation is for informational purposes only. Always exercise caution when dealing with any suspicious emails. Never click on links or open attachments from unknown senders. If you suspect a phishing email, report it to your IT department immediately.

X-BESS-REASON: bbl
X-BESS-REASON-EXTRA: 175.117.27.170
Received: from [175.117.27.170] (unknown [175.117.27.170]) by mx4.eu-west-2a.ess.aws.cudaops.com; Wed, 09 Jan 2019 18:31:24 +0000
Message-ID: <003e>
From: <cust>
To: <cust>
Subject: Your account has been hacked! You need to unlock.
Date: 10 Jan 2019 11:03:17 +0800
MIME-Version: 1.0
Content-Type: text/plain;
 charset="ibm852"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-BESS-ID: 1547058684-889006-11704-54424-1
X-BESS-VER: 2018.16_20190108.1920
X-BESS-Apparent-Source-IP: 175.117.27.170

Hi, stranger!

I hacked your device, because I sent you this message from your account.
If you have already changed your password, my malware will be intercepts it every time.

You may not know me, and you are most likely wondering why you are receiving this email, right?
In fact, I posted a malicious program on adults (pornography) of some websites, and you know that you visited these websites to enjoy 
(you know what I mean).

While you were watching video clips,
my trojan started working as a RDP (remote desktop) with a keylogger that gave me access to your screen as well as a webcam.

Immediately after this, my program gathered all your contacts from messenger, social networks, and also by e-mail.

What I've done?
I made a double screen video.
The first part shows the video you watched (you have good taste, yes ... but strange for me and other normal people),
and the second part shows the recording of your webcam.

What should you do?

Well, I think $645 (USD dollars) is a fair price for our little secret.
You will make a bitcoin payment (if you don't know, look for "how to buy bitcoins" on Google).

BTC Address: 1GjZSJnpU4AfTS8vmre6rx7eQgeMUq8VYr
(This is CASE sensitive, please copy and paste it)

Remarks:
You have 2 days (48 hours) to pay. (I have a special code, and at the moment I know that you have read this email).

If I don't get bitcoins, I will send your video to all your contacts, including family members, colleagues, etc.
However, if I am paid, I will immediately destroy the video, and my trojan will be destruct someself.

If you want to get proof, answer "Yes!" and resend this letter to youself. 
And I will definitely send your video to your any 17 contacts.

This is a non-negotiable offer, so please do not waste my personal and other people's time by replying to this email.

Bye!


Tags # fraud # sextortion # threat Continue Reading
By at
Tags , ,

MongoDB Failed to start lsb an object-document-oriented database

December 28, 2018
MongoDB could not started after installation of 3.6 version, However downgrade to the 3.4, still the Mongodb couldn't start and show below error message.


Search don't help to resolved the issue. After so much hit and trail nothing work. One Chinese forum posted this command and its works for me. 

cd /var/lib
sudo rm -rf ./mongodb
sudo mkdir mongodb
sudo chown -R mongodb mongodb/
sudo serivce mongodb restart
Tags # Database # linux Continue Reading
By at
Tags ,

UBUNTU Files not Opening

February 05, 2017
Suddenly My Ubuntu 16.04 LTS giving me a issue, I can't open files manger as well as screenshots app.  So I dig into the problem and found this temporary solution for file manager. Still searching for permanent solution. Ubuntu is very buggy since and then, not stable any way.

Step 1:

@jpudasaini:~$ nautilus -q

(nautilus:6210): GLib-GIO-CRITICAL **: g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != NULL' failed

(nautilus:6210): GLib-GIO-CRITICAL **: g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != NULL' failed

(nautilus:6210): Gtk-CRITICAL **: gtk_icon_theme_get_for_screen: assertion 'GDK_IS_SCREEN (screen)' failed

(nautilus:6210): GLib-GObject-WARNING **: invalid (NULL) pointer instance

(nautilus:6210): GLib-GObject-CRITICAL **: g_signal_connect_object: assertion 'G_TYPE_CHECK_INSTANCE (instance)' failed

Step 2:

jpudasaini@jpudasaini:~$ nautilus
Nautilus-Share-Message: Called "net usershare info" but it failed: Failed to execute child process "net" (No such file or directory)



New your file manager is ready to used.

HTH
Tags # linux Continue Reading
By at
Tags

Cisco ASA in GNS3

January 23, 2017
Here is another tutorial running Cisco ASAv on GNS3 using Qemu.

For Configure GNS3

In My case I have used ASAv952-204.qcow2

Go to the GNS3>Edit>Preferences>QEMU>Qemu VMs>New
Follow on screen procedure. 

 Don't forget to enable kvm and memory allocation. 

Now you can see I can run ASAv 9.5.2

 Blank Password.

Tags # cisco # GNS3 # network Continue Reading
By at
Tags , ,

IOS XR GNS3 QEMU

December 05, 2016
This time lets have tutorial on Cisco XR 9k series router image running on the GNS3. Please don't ask for the XR image. Your are smart enough to get it.

My system configuration:

Ubuntu 16.04
GNS3 1.4
RAM 8Gig
i7 processor

Used XR Image
iosxrv-k9-demo-6.0.1.qcow2

This image is VIRL extracted image.

You need to convert this image into QEMU image, follow this link

I strongly recommend you to run it on the Linux system.

Now you have converted image, then go to the GNS3>Edit>Preferences>QEMU>Qemu VMs>New
then follow the onscreen procedure.

Setting for QEMU XR Image.

RAM:- 4Gig
CPU:- 1


Adapters at lest 4. 


-enable-kvm




Here you can see I can run the XR on my system. Interface is up and system is already booted. 



I have run 3 XR router  here is my system RAM CPU usages.



RP/0/0/CPU0:XR3(config)#int gi0/0/0/0
RP/0/0/CPU0:XR3(config-if)#ip add 192.168.13.2 255.255.255.252
RP/0/0/CPU0:XR3(config-if)#commit
RP/0/0/CPU0:XR3#ping 192.168.13.1
Mon Dec  5 14:28:29.088 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/19 ms


Note: Assign IP on gi0/0/0/0 interface but connect on e1 to e/1 on your router otherwise it will not ping. 

Enjoy. 




Tags # cisco # linux # network Continue Reading
By at
Tags , ,

Unit vpnagentd service not loaded.

December 01, 2016
Somebody ask me to run Cisco EPIC VPN lab test provide by the Cisco. I just try it done but Anyconnect client doesn't seems to work on ubuntu system. The error message was


How to resolved the issue?? 

First of all install the following packages.

sudo apt-get install lib32z1 lib32ncurses5

Then try to install the AnyConnect client, if its still show the same error message. Used below command....

sudo apt-get install network-manager-openconnect

Reload the changes using this command....

sudo systemctl daemon-reload

Now AnyConnect should be installed. 




Tags # cisco # linux # network Continue Reading
By at
Tags , ,

Perl Can't Locate in @inc

September 04, 2016
Recently I try to install  SmokePing (tar ball) on Centos 7, for my company to check Network latency, but  same error re-occur.

Multiple Errors:

Then I search a lot, try to install the packages but the problem still appear, then after I found  a simple solution.



Solution:

 # perl -MCPAN -eshell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9800)
Enter 'h' for help.

cpan[1]> install Net::OpenSSH
Reading '/root/.cpan/Metadata'
  Database was generated on Sat, 03 Sep 2016 21:53:30 GMT
Running install for module 'Net::OpenSSH'
Running make for S/SA/SALVA/Net-OpenSSH-0.73.tar.gz
Fetching with LWP:
http://cpan.communilink.net/authors/id/S/SA/SALVA/Net-OpenSSH-0.73.tar.gz
Fetching with LWP:
http://cpan.communilink.net/authors/id/S/SA/SALVA/CHECKSUMS
Checksum for /root/.cpan/sources/authors/id/S/SA/SALVA/Net-OpenSSH-0.73.tar.gz ok
Scanning cache /root/.cpan/build for sizes
............................................................................DONE

  CPAN.pm: Building S/SA/SALVA/Net-OpenSSH-0.73.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for Net::OpenSSH
Could not read metadata file. Falling back to other methods to determine prerequisites
cp lib/Net/OpenSSH/ConnectionCache.pm blib/lib/Net/OpenSSH/ConnectionCache.pm
cp lib/Net/OpenSSH/ShellQuoter/fish.pm blib/lib/Net/OpenSSH/ShellQuoter/fish.pm
cp lib/Net/OpenSSH/ShellQuoter.pm blib/lib/Net/OpenSSH/ShellQuoter.pm
cp lib/Net/OpenSSH/ShellQuoter/POSIX.pm blib/lib/Net/OpenSSH/ShellQuoter/POSIX.pm
cp lib/Net/OpenSSH/ModuleLoader.pm blib/lib/Net/OpenSSH/ModuleLoader.pm
cp lib/Net/OpenSSH/ShellQuoter/Chain.pm blib/lib/Net/OpenSSH/ShellQuoter/Chain.pm
cp lib/Net/OpenSSH/SSH.pm blib/lib/Net/OpenSSH/SSH.pm
cp lib/Net/OpenSSH/Constants.pm blib/lib/Net/OpenSSH/Constants.pm
cp lib/Net/OpenSSH/ShellQuoter/MSWin.pm blib/lib/Net/OpenSSH/ShellQuoter/MSWin.pm
cp lib/Net/OpenSSH/OSTracer.pm blib/lib/Net/OpenSSH/OSTracer.pm
cp lib/Net/OpenSSH.pm blib/lib/Net/OpenSSH.pm
cp lib/Net/OpenSSH/ShellQuoter/MSCmd.pm blib/lib/Net/OpenSSH/ShellQuoter/MSCmd.pm
cp lib/Net/OpenSSH/ShellQuoter/csh.pm blib/lib/Net/OpenSSH/ShellQuoter/csh.pm
cp lib/Net/OpenSSH/ObjectRemote.pm blib/lib/Net/OpenSSH/ObjectRemote.pm
Manifying blib/man3/Net::OpenSSH::SSH.3pm
Manifying blib/man3/Net::OpenSSH::Constants.3pm
Manifying blib/man3/Net::OpenSSH::ShellQuoter::MSWin.3pm
Manifying blib/man3/Net::OpenSSH::ConnectionCache.3pm
Manifying blib/man3/Net::OpenSSH::ShellQuoter::MSCmd.3pm
Manifying blib/man3/Net::OpenSSH.3pm
Manifying blib/man3/Net::OpenSSH::OSTracer.3pm
  SALVA/Net-OpenSSH-0.73.tar.gz
  /usr/bin/make -- OK
'YAML' not installed, will not store persistent state
Running make test
PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t
t/1_run.t .... #
# SSH client found: OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013.
# Trying to connect to localhost, timeout is 15s.
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
t/1_run.t .... ok  
t/quoting.t .. # unable to exec csh -c echo good
# unable to exec tcsh -c echo good
# unable to exec ksh -c echo good
# unable to exec dash -c echo good
# unable to exec ash -c echo good
# unable to exec pdksh -c echo good
# unable to exec mksh -c echo good
# unable to exec zsh -c echo good
# unable to exec fish -c echo good
# running tests for shells sh bash
t/quoting.t .. ok    
t/uri.t ...... ok  
All tests successful.
Files=3, Tests=471, 16 wallclock secs ( 0.17 usr  0.01 sys +  1.63 cusr  1.06 csys =  2.87 CPU)
Result: PASS
  SALVA/Net-OpenSSH-0.73.tar.gz
  /usr/bin/make test -- OK
Running make install
Installing /usr/local/share/perl5/Net/OpenSSH.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ConnectionCache.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ModuleLoader.pm
Installing /usr/local/share/perl5/Net/OpenSSH/SSH.pm
Installing /usr/local/share/perl5/Net/OpenSSH/Constants.pm
Installing /usr/local/share/perl5/Net/OpenSSH/OSTracer.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ObjectRemote.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter/fish.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter/POSIX.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter/Chain.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter/MSWin.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter/MSCmd.pm
Installing /usr/local/share/perl5/Net/OpenSSH/ShellQuoter/csh.pm
Installing /usr/local/share/man/man3/Net::OpenSSH::SSH.3pm
Installing /usr/local/share/man/man3/Net::OpenSSH::Constants.3pm
Installing /usr/local/share/man/man3/Net::OpenSSH::ShellQuoter::MSWin.3pm
Installing /usr/local/share/man/man3/Net::OpenSSH::ConnectionCache.3pm
Installing /usr/local/share/man/man3/Net::OpenSSH::ShellQuoter::MSCmd.3pm
Installing /usr/local/share/man/man3/Net::OpenSSH.3pm
Installing /usr/local/share/man/man3/Net::OpenSSH::OSTracer.3pm
Appending installation info to /usr/lib64/perl5/perllocal.pod
  SALVA/Net-OpenSSH-0.73.tar.gz
  /usr/bin/make install  -- OK

Tags # linux # network Continue Reading
By at
Tags ,